i want to secure my oracle database from system administrator

I am using window 2003 server and I want to secure my oracle database from system administrator. (start/stop database server, copy of full database folder) etc.

Quote:

---

Originally Posted by Owais

I am using window 2003 server and I want to secure my oracle database from system administrator. (start/stop database server, copy of full database folder) etc.

---

No problem, just take them out of the admin group. :rolleyes:

Ok but to do daily network related task, we create one User on windows for network person with Power User rights but how can I restrict him not to copy the database folder in any other location.

Note:One window user for DBA with user & ORA_DBA rights

Quote:

---

Originally Posted by Owais

Ok but to do daily network related task, we create one User on windows for network person with Power User rights but how can I restrict him not to copy the database folder in any other location.

Note:One window user for DBA with user & ORA_DBA rights

---

I was being sarcastic with my previous comment. If someone is a sys admin then they have full access to the server. you need to setup a daily hot backup and any other jobs that need to run on the database like a stats job yourself, and let them know what you want them to do. Can you create one folder/volume/partition to use as your backup directory and have them only backup that? I administer Unix servers and we have an /oracle/backups volume on every server. Anything we backup to that directory via our hot backup gets backed up by the backup system, if we don't backup to that directory then it doesn't get backed up.

if someone is a sys admin they can hose your database whether intentionally or by accident.

Quote:

---

Originally Posted by Owais

I am using window 2003 server and I want to secure my oracle database from system administrator. (start/stop database server, copy of full database folder) etc.

---

This is not possible.

This is like the developer saying i want to stop the DBA from looking at my records in the database.

The least you can do is audit the dba's activites but i doubt you can prevent him from seeing

regards
Hrishy

Quote:

---

Originally Posted by hrishy

This is not possible.

This is like the developer saying i want to stop the DBA from looking at my records in the database.

The least you can do is audit the dba's activites but i doubt you can prevent him from seeing

---

You have to read a little about Oracle Vault.

Hi Pavb

Thanks for the valuable info on oracle audit vault.
I had no clue of this but when i read about it FAQ it looks like it audits everybody who looks into your data but cannot prevent say a system administrator from looking into the data.If a system adminitsrator looks into the data then that action is audited

is my observation correct ?

regards
Hrishy

You are always welcome Hrishy but Oracle Vault is much more than an audit tool, Vault will stop you for viewing the data -even if you have DBA privs - then report your attempted violation of policies.

Quote:

---

Originally Posted by PAVB

You are always welcome Hrishy but Oracle Vault is much more than an audit tool, Vault will stop you for viewing the data -even if you have DBA privs - then report your attempted violation of policies.

---

Hi PAVB

Great piece of info....I am really lucky to have run into this this is very very valuable for me.

Its strange though that reading the FAQ it looks like it only aduits and doesn't prevent anyone from seeing the data

Just one more question is it a seprate product that we need to buy over and above Oracle Database Enterprise Edition

regards
Hrishy

Glad you like it, Vault brings to the table a set of very interesting features.

Answering you first question... Yes, vault actually prevents power users like DBA, etc to access the data, you may want to search for "Oracle Database Vault, Realms"

Answering your last question, Yes! you have to pay for it.